KMS for Google Workspace (CSE)

Google has a feature called Client-Side Encryption (CSE), that allows secure communication with external encryption keys. This means that you hold your own key (HYOK).

By using this solution, it’s possible to encrypt data with private external keys for many Google services.

Client-Side Encryption (CSE) is an optional security feature available to users of Google Workspace. With CSE, data will be encrypted before it is stored on Google’s servers, using their own encryption keys.

This means that even if someone gains access to a user’s data, they won’t be able to read it without the encryption key held by the user.

CSE is designed to be easy to use, with encryption and decryption happening automatically in the background.

Google Workspace Client-side encryption (CSE) is currently available for the following services:

To use encryption in Google, you need a key manager to securely create and manage encryption keys.

Complior offers a Key Management Service (KMS) as a service powered by Thales CipherTrust Manager, protected by Thales Hardware Secure Module (HSM). This service is provided to our customers through secure data centers in Stockholm, Sweden.

CipherTrust Cloud Key Manager (CCKM), which is a licensed component of the CipherTrust Manager, provides key generation, separation of duties, reporting, and key lifecycle management to assist in fulfilling internal and industry data protection mandates. It is FIPS 140-2 Level 3 certified.

How Key management service (KMS) and Google works shown on graphic
How Key management service (KMS) and Google works shown on graphic

This solution enables organizations to:

Learn more